Details: “On January 29, 2015, Premera Blue Cross (Premera) discovered that cyberattackers had executed a sophisticated attack to gain unauthorized access to our Information Technology (IT) systems. Our investigation further revealed that the initial attack occurred on May 5, 2014. As part of our own investigation, we notified the FBI and are coordinating with the Bureau’s investigation into this attack…

Details: “On January 29, 2015, LifeWise discovered that cyberattackers had executed a sophisticated attack to gain unauthorized access to our Information Technology (IT) systems. Our investigation further revealed that the initial attack occurred on May 5, 2014. As part of our own investigation, we notified the FBI and are coordinating with the Bureau’s investigation into this attack…

“This incident affected LifeWise Health Plan of Washington, LifeWise Health Plan of Oregon and LifeWise Assurance Company. It also affected LifeWise Health Plan of Arizona, which no longer does business in that state…

“Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected.”

Type of personal information compromised: “name, date of birth, phone number, social security number, and home address. No treatment, payment, or any other financial data was accessed.”

Details: “The unauthorized access occurred between February 23, 2015 and February 26, 2015. The intruder was able to gain access to this database through a computer that had been infected with malware. Advantage terminated the illegal access immediately upon discovery on February 26, 2015…

“Since terminating the illegal access, Advantage has been reviewing and improving its safeguards, has implemented mitigation steps to prevent further access, and has been working with law enforcement to properly determine the scope of the incident and any additional steps that might be required.”

HIPAA covered entities that are concerned about data security should implement an information security management system (ISMS), as specified by the international best-practice standard ISO 27001.

By virtue of its all-inclusive approach, ISO 27001 encapsulates the information security elements of HIPAA by providing an auditable ISMS designed for continual improvement.

Companies often also achieve compliance with a host of other related legislative frameworks simply by achieving ISO 27001 registration. In addition, the external validation offered by ISO 27001 registration is likely to improve an organization’s cybersecurity posture while providing a higher level of confidence to customers and stakeholders – essential for securing certain global and government contracts.

IT Governance’s ISO 27001 Packaged Solutions provide fixed-price ISO 27001 implementation resources and consultancy support for all organizations, whatever their size, sector, or location, from under $600.

Civil monetary penalties (CMPs) for HIPAA violations can be as much as $50,000 per compromised record, up to an annual maximum of $1.5 million, and criminal penalties can include fines of up to $250,000 and ten years’ imprisonment.